> * explicit GSS credentials handle provided by application
> * default credentials
> * default credentials for specified authentication identity
> * credentials for specified authentication identity with specified password
Actually, this order isn't so useful, as I found out when my default Moonshot credentials were for one user, but Adium was configured for another -- suddenly I was authenticated as a different user!
I've changed the order to:
* explicit GSS credentials handle provided by application
* default credentials if no authentication identity is specified (gss_acquire_cred(GSS_C_NO_NAME))
* credentials for specified authentication identity (gss_acquire_cred(authid))
* credentials for specified authentication identity with specified password (gss_acquire_cred_with_password(authid))
The idea is to avoid prompting for a password until absolutely necessary, whilst honouring the authentication identity selected by the application.
-- Luke
|